Tux Machines
Posted by Roy Schestowitz on Jan 18, 2023,
updated Jan 20, 2023
=> Programming Leftovers | 20 Best Instant Messaging Programs for Linux
=> ↺ Important: Thunderbird 102.7.0 And Microsoft Office 365 Enterprise Users | ↺ Microsoft is sabotaging Free software for its monopoly's sake
On Wednesday, January 18, Thunderbird 102.7.0 will be released with a crucial change to how we handle OAuth2 authorization with Microsoft accounts. This may involve some extra work for users currently using Microsoft-hosted accounts through their employer or educational institution.
In order to meet Microsoft’s requirements for publisher verification, it was necessary for us to switch to a new Azure application and application ID. However, some of these accounts are configured to require administrators to approve any applications accessing email.
If you encounter a screen saying “Need admin approval” during the login process, please contact your IT administrators to approve the client ID 9e5f94bc-e8a4-4e73-b8be-63364c29d753 for Mozilla Thunderbird (it previously appeared to non-admins as “Mzla Technologies Corporation”).
=> ↺ Thinking of Hiring or Running a Booter Service? Think Again.
Most people who operate DDoS-for-hire businesses attempt to hide their true identities and location. Proprietors of these so-called “booter” or “stresser” services — designed to knock websites and users offline — have long operated in a legally murky area of cybercrime law. But until recently, their biggest concern wasn’t avoiding capture or shutdown by the feds: It was minimizing harassment from unhappy customers or victims, and insulating themselves against incessant attacks from competing DDoS-for-hire services.
=> ↺ mjg59 | PKCS#11. hardware keystores, and Apple frustrations
There's a bunch of ways you can store cryptographic keys. The most obvious is to just stick them on disk, but that has the downside that anyone with access to the system could just steal them and do whatever they wanted with them. At the far end of the scale you have Hardware Security Modules (HSMs), hardware devices that are specially designed to self destruct if you try to take them apart and extract the keys, and which will generate an audit trail of every key operation. In between you have things like smartcards, TPMs, Yubikeys, and other platform secure enclaves - devices that don't allow arbitrary access to keys, but which don't offer the same level of assurance as an actual HSM (and are, as a result, orders of magnitude cheaper).
UPDATE
=> ↺ Thunderbird 102.7.0 requires manual updating due to a bug | ↺ Microsoft is breaking Thunderbird
Thunderbird 102.7.0 is the first version of the email client that handles OAuth2 authentication for Microsoft accounts differently. The team had to make the change, according to a blog post on the official Thunderbird website, to meet Microsoft's publisher verification requirements.
The project switched to a new Azure application and ID. Some users who use Thunderbird may receive a notification prompt on first run of Thunderbird 102.7.0 that prompts for administrative approval.
If that is the case, an IT administrator needs to approve the client. The team provides the following information on the procedure:
"If you encounter a screen saying “Need admin approval” during the login process, please contact your IT administrators to approve the client ID 9e5f94bc-e8a4-4e73-b8be-63364c29d753 for Mozilla Thunderbird (it previously appeared to non-admins as “Mzla Technologies Corporation”).
=> gemini.tuxmachines.org This content has been proxied by September (ba2dc).Proxy Information
text/gemini;lang=en-GB